Microsoft Unveils Bug Bounty Program at Black Hat 2013

Earn big bucks for finding bugs

Microsoft joins the ranks of those offering up bug bounties to individuals who root out security holes in its products, though the program isn't limited to finished products. The Redmond outfit is also willing to reward bug hunters for discovering vulnerabilities in specific pre-release software, including Internet Explorer 11 Preview, in which it will pay up to $11,000 for critical bugs that affect the browser on the latest version of Windows (Windows 8.1 Preview). And that's just the tip of the iceberg.

You can also earn up to $100,000 for "truly novel exploitation techniques" against safeguards baked into Windows 8.1 Preview. Microsoft says it's able to improve security by "leaps" when learning of new exploitation techniques, as opposed to capturing one vulnerability at a time.

Finally, Microsoft said it will pay up to $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission. Like the $100,000 tier, this is an ongoing program, whereas the payout for finding bugs in IE11 Preview only runs for 30 days.

"Our new bounty programs add fresh depth and flexibility to our existing community outreach programs. Having these bounty programs provides a way to harness the collective intelligence and capabilities of security researchers to help further protect customers," Microsoft said.